k8s-policy
Kubernetes policy management with Kyverno and Gatekeeper. Use when enforcing security policies, validating resources, or auditing policy compliance.
Install
mkdir -p .claude/skills/k8s-policy && curl -L -o skill.zip "https://mcp.directory/api/skills/download/5544" && unzip -o skill.zip -d .claude/skills/k8s-policy && rm skill.zipInstalls to .claude/skills/k8s-policy
About this skill
Kubernetes Policy Management
Manage policies using kubectl-mcp-server's Kyverno and Gatekeeper tools.
When to Apply
Use this skill when:
- User mentions: "Kyverno", "Gatekeeper", "OPA", "policy", "compliance"
- Operations: enforcing policies, checking violations, policy audit
- Keywords: "require labels", "block privileged", "validate", "enforce"
Priority Rules
| Priority | Rule | Impact | Tools |
|---|---|---|---|
| 1 | Detect policy engine first | CRITICAL | kyverno_detect_tool, gatekeeper_detect_tool |
| 2 | Use Audit mode before Enforce | HIGH | validationFailureAction |
| 3 | Check policy reports for violations | HIGH | kyverno_clusterpolicyreports_list_tool |
| 4 | Review constraint templates | MEDIUM | gatekeeper_constrainttemplates_list_tool |
Quick Reference
| Task | Tool | Example |
|---|---|---|
| List Kyverno cluster policies | kyverno_clusterpolicies_list_tool | kyverno_clusterpolicies_list_tool() |
| Get Kyverno policy | kyverno_clusterpolicy_get_tool | kyverno_clusterpolicy_get_tool(name) |
| List Gatekeeper constraints | gatekeeper_constraints_list_tool | gatekeeper_constraints_list_tool() |
| Get constraint | gatekeeper_constraint_get_tool | gatekeeper_constraint_get_tool(kind, name) |
Kyverno
Detect Installation
kyverno_detect_tool()
List Policies
kyverno_clusterpolicies_list_tool()
kyverno_policies_list_tool(namespace="default")
Get Policy Details
kyverno_clusterpolicy_get_tool(name="require-labels")
kyverno_policy_get_tool(name="require-resources", namespace="default")
Policy Reports
kyverno_clusterpolicyreports_list_tool()
kyverno_policyreports_list_tool(namespace="default")
Common Kyverno Policies
kubectl_apply(manifest="""
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: require-labels
spec:
validationFailureAction: Enforce
rules:
- name: require-app-label
match:
resources:
kinds:
- Pod
validate:
message: "Label 'app' is required"
pattern:
metadata:
labels:
app: "?*"
""")
kubectl_apply(manifest="""
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
name: require-limits
spec:
validationFailureAction: Enforce
rules:
- name: require-cpu-memory
match:
resources:
kinds:
- Pod
validate:
message: "CPU and memory limits required"
pattern:
spec:
containers:
- resources:
limits:
cpu: "?*"
memory: "?*"
""")
Gatekeeper (OPA)
Detect Installation
gatekeeper_detect_tool()
List Constraints
gatekeeper_constraints_list_tool()
gatekeeper_constrainttemplates_list_tool()
Get Constraint Details
gatekeeper_constraint_get_tool(
kind="K8sRequiredLabels",
name="require-app-label"
)
gatekeeper_constrainttemplate_get_tool(name="k8srequiredlabels")
Common Gatekeeper Policies
kubectl_apply(manifest="""
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
name: k8srequiredlabels
spec:
crd:
spec:
names:
kind: K8sRequiredLabels
validation:
openAPIV3Schema:
type: object
properties:
labels:
type: array
items:
type: string
targets:
- target: admission.k8s.gatekeeper.sh
rego: |
package k8srequiredlabels
violation[{"msg": msg}] {
provided := {label | input.review.object.metadata.labels[label]}
required := {label | label := input.parameters.labels[_]}
missing := required - provided
count(missing) > 0
msg := sprintf("Missing labels: %v", [missing])
}
""")
kubectl_apply(manifest="""
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sRequiredLabels
metadata:
name: require-app-label
spec:
match:
kinds:
- apiGroups: [""]
kinds: ["Pod"]
parameters:
labels: ["app", "env"]
""")
Policy Audit Workflow
kyverno_detect_tool()
kyverno_clusterpolicies_list_tool()
kyverno_clusterpolicyreports_list_tool()
Prerequisites
- Kyverno: Required for Kyverno tools
kubectl create -f https://github.com/kyverno/kyverno/releases/latest/download/install.yaml - Gatekeeper: Required for Gatekeeper tools
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/master/deploy/gatekeeper.yaml
Related Skills
- k8s-security - RBAC and security
- k8s-operations - Apply policies
More by rohitg00
View all skills by rohitg00 →You might also like
flutter-development
aj-geddes
Build beautiful cross-platform mobile apps with Flutter and Dart. Covers widgets, state management with Provider/BLoC, navigation, API integration, and material design.
ui-ux-pro-max
nextlevelbuilder
"UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 8 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient."
drawio-diagrams-enhanced
jgtolentino
Create professional draw.io (diagrams.net) diagrams in XML format (.drawio files) with integrated PMP/PMBOK methodologies, extensive visual asset libraries, and industry-standard professional templates. Use this skill when users ask to create flowcharts, swimlane diagrams, cross-functional flowcharts, org charts, network diagrams, UML diagrams, BPMN, project management diagrams (WBS, Gantt, PERT, RACI), risk matrices, stakeholder maps, or any other visual diagram in draw.io format. This skill includes access to custom shape libraries for icons, clipart, and professional symbols.
godot
bfollington
This skill should be used when working on Godot Engine projects. It provides specialized knowledge of Godot's file formats (.gd, .tscn, .tres), architecture patterns (component-based, signal-driven, resource-based), common pitfalls, validation tools, code templates, and CLI workflows. The `godot` command is available for running the game, validating scripts, importing resources, and exporting builds. Use this skill for tasks involving Godot game development, debugging scene/resource files, implementing game systems, or creating new Godot components.
nano-banana-pro
garg-aayush
Generate and edit images using Google's Nano Banana Pro (Gemini 3 Pro Image) API. Use when the user asks to generate, create, edit, modify, change, alter, or update images. Also use when user references an existing image file and asks to modify it in any way (e.g., "modify this image", "change the background", "replace X with Y"). Supports both text-to-image generation and image-to-image editing with configurable resolution (1K default, 2K, or 4K for high resolution). DO NOT read the image file first - use this skill directly with the --input-image parameter.
pdf-to-markdown
aliceisjustplaying
Convert entire PDF documents to clean, structured Markdown for full context loading. Use this skill when the user wants to extract ALL text from a PDF into context (not grep/search), when discussing or analyzing PDF content in full, when the user mentions "load the whole PDF", "bring the PDF into context", "read the entire PDF", or when partial extraction/grepping would miss important context. This is the preferred method for PDF text extraction over page-by-page or grep approaches.
Related MCP Servers
Browse all servers
KubernetesControl and monitor Kubernetes clusters easily. Simplify your K8s management and debugging with powerful features.
Argo CDManage Kubernetes GitOps applications and resources with Argo CD and your assistant. Seamless argocd integration for aut
Argo CDManage Kubernetes GitOps applications and deployments with Argo CD integration for easy, natural language control from y
Think ToolThink Tool is a powerful knowledge management system for explicit reasoning, policy verification, and safe knowledge dat
KubernetesManage Kubernetes clusters in real-time using kubectl commands for seamless resource administration directly within conv
NetskopeIntegrate Netskope for automated zero trust network access (ZTNA), policy creation, and secure private app management vi